With its attacks on countries in the Middle East, the group has demonstrated its capabilities and level of training.
An analyst at the cybersecurity company Vade warns that the Iranian group MuddyWater is using new strategies to attack countries in the Middle East and Central Asia.
The group's tactics, techniques, and procedures (TTPs) involve evading antivirus scanners and sandboxes so that its phishing messages reach users' mailboxes. MuddyWater also delivers its payloads in ZIP archives, which have recently become the most common container for malware sent to unsuspecting victims.
Israel, Iraq, Egypt, Armenia, Qatar, Oman, Jordan, Azerbaijan, Tajikistan, and the United Arab Emirates were targets of MuddyWater attacks that distributed Dropbox links or document attachments containing malicious URLs that led victims to the ZIP archives.
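The delivery chain described above ends with a ZIP archive that an antivirus scanner never got to inspect, so a mail gateway's own look inside the archive is a cheap second line of defence. The following is an added example, not code from the article or from Vade; the flagged extension lists, the nesting limit and the sample attachment are all assumptions made for illustration. It walks a ZIP attachment (recursing into nested ZIPs), flags executable entries, double extensions that disguise an executable as a document, and encrypted entries a scanner cannot read, and returns a quarantine verdict.

```python
import io
import zipfile

# Extension lists are assumptions for this example, not indicators from the report.
EXECUTABLE_EXTS = {".exe", ".scr", ".msi", ".lnk", ".js", ".vbs", ".hta",
                   ".bat", ".cmd", ".ps1", ".dll"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
ARCHIVE_EXTS = {".zip"}
MAX_DEPTH = 3  # stop recursing into archives nested deeper than this


def _ext(name: str) -> str:
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def _looks_like_document(name: str) -> bool:
    """True for names such as 'invoice.pdf.exe': a document extension followed by another."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return len(parts) >= 3 and "." + parts[-2] in DOC_EXTS


def inspect_zip(data: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return (path, reason) tuples for archive entries a mail gateway should flag."""
    if depth > MAX_DEPTH:
        return [(prefix, "nesting deeper than MAX_DEPTH")]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a valid ZIP archive")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:  # bit 0 of the general purpose flag = encrypted entry
                findings.append((path, "encrypted entry (content cannot be inspected)"))
                continue
            ext = _ext(info.filename)
            if ext in ARCHIVE_EXTS:
                findings.append((path, "nested archive"))
                findings.extend(inspect_zip(zf.read(info), depth + 1, path + "/"))
            elif ext in EXECUTABLE_EXTS:
                reason = ("double extension disguising executable"
                          if _looks_like_document(info.filename) else "executable content")
                findings.append((path, reason))
    return findings


def verdict(data: bytes) -> str:
    """Gateway decision for one attachment: 'quarantine' if anything was flagged."""
    return "quarantine" if inspect_zip(data) else "deliver"


def build_sample_attachment() -> bytes:
    """Constructed sample, not a real MuddyWater artifact: an outer ZIP with a decoy PDF,
    a nested ZIP holding a double-extension executable, and a shortcut file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Invoice_Q3.pdf.exe", b"MZ\x90\x00 placeholder bytes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("README.pdf", b"%PDF-1.4 decoy")
        z.writestr("attachment.zip", inner.getvalue())
        z.writestr("Open Me.lnk", b"L\x00\x00\x00 placeholder")
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample_attachment()
    for path, reason in inspect_zip(sample):
        print(f"{path}: {reason}")
    print("verdict:", verdict(sample))
```

Encrypted entries are flagged rather than skipped because a password-protected archive whose password sits in the email body is a standard way of getting past a scanner; the same logic applies to a ZIP fetched from a Dropbox link once the gateway has followed it.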
MuddyWater also compromised corporate email accounts to deliver the Syncro remote administration tool, which gives the attackers control of the victim's device.
Security firm Deep Instinct said last week that MuddyWater was running a phishing campaign to install the Syncro remote administration tool. The attackers sent the phishing emails from a compromised corporate email account (a business email compromise, or BEC, attack).